| Message ID | 20180613144417.30225-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
On Wed, Jun 13, 2018 at 04:44:17PM +0200, Ondrej Mosnacek wrote: > We must load the block from the temporary variable here, not directly > from the input. > > Also add forgotten zeroing-out of the uninitialized part of the > temporary block (as is done correctly in morus1280.c). > > Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations") > Reported-by: syzbot+1fafa9c4cf42df33f716@syzkaller.appspotmail.com > Reported-by: syzbot+d82643ba80bf6937cd44@syzkaller.appspotmail.com > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Patch applied. Thanks.
diff --git a/crypto/morus640.c b/crypto/morus640.c index 9fbcde307daf..5eede3749e64 100644 --- a/crypto/morus640.c +++ b/crypto/morus640.c @@ -274,8 +274,9 @@ static void crypto_morus640_decrypt_chunk(struct morus640_state *state, u8 *dst, union morus640_block_in tail; memcpy(tail.bytes, src, size); + memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size); - crypto_morus640_load_a(&m, src); + crypto_morus640_load_a(&m, tail.bytes); crypto_morus640_core(state, &m); crypto_morus640_store_a(tail.bytes, &m); memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
We must load the block from the temporary variable here, not directly from the input. Also add forgotten zeroing-out of the uninitialized part of the temporary block (as is done correctly in morus1280.c). Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations") Reported-by: syzbot+1fafa9c4cf42df33f716@syzkaller.appspotmail.com Reported-by: syzbot+d82643ba80bf6937cd44@syzkaller.appspotmail.com Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- crypto/morus640.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)